08-18-2021 12:08 AM
Our firm is looking into implementing 802.1X authentication for our Wi-Fi and it happened that we are using Ruckus vSZ. Looking to shed some light on what are the things that we exactly need in order to be able to implement this one properly. To add to this, we also have Apple devices (Mac's and Ipad's) that will need to work on this project as well. Another thing is that we also have a guest Wi-Fi, do we need to include that as well when this change has been implemented or we can keep the same traditional password based authentication for this?
Basing it from the guide that I found and from what I understand is that we will need the following. Any other input will be appreciated. Thank you.
Reference link: https://www.commscope.com/globalassets/digizuite/1609-6-appnote-configuring-802-1x-with-windows-serv...
Solved! Go to Solution.
08-20-2021 07:23 AM
For a secure network (and or automated, if required), you need below network resources.
For client connection:
To know more about Cloudpath, refer the product link from here.
08-26-2021 08:21 AM
Refer my response below.
Just wondering, which of the following service will this fall into in this case.
[Syamantak] All of them.
Management Web—Used by Web UI and Public API traffic.
AP Portal—Used by Web Auth WLAN and Guest Access WLAN control traffic.
Hotspot (WISPr)—Used by WISPr WLAN control (Northbound Interface, Captive Portal, and Internal Subscriber Portal) traffic.
Communicator—Used by AP control traffic.
Correct me if I am wrong but these are the things that we will need in order to get this rolling.
Cert for the controller. || Just one CA signed certificate if you want to make user experience better and secure the communication for all the web based services like controller GUI, AP portal, WIPSr auth, etc. Please note that it is not mandatory to have a CA signed cert, system will still work with its default certificate.
Cert for the clients that will come from the DC (Another cert for the NPS/Radius itself?) || You have windows server already, just install certificate manager services and you can generate self signed cert for radius server and same server can also generate certs for end user devices for EAP-TLS.
AD - For the user group/security group. || Yes, this is required for identity management.
NPS - For the connection request policies. || Yes
SSID config for the 802.1X auth from the controller. || Yes, you have to first configure AAA server profile in controller and same will be used in WLAN configuration with 802.1X auth.
08-31-2021 01:07 AM
Yes this is what you need. You also need to decide what kind or Radius authentication you want to use. The simplest to realise is to use of password authentication, it just requires some configuration on NPS and on SZ, but the most secure way is to use certificates for authentication.
Wireless configuration is almost the same in both cases, but to use certificates you need to setup properly MS infrastructure to to generate and distribute user and computer certificates. It is well documented, but requires some planning work, and as any Microsoft solution, may get complicated without obvious reason...
In all cases, there is not that much to configure on Smartzon part itself, as SZ works just as a autrhentication proxy and actual authentication is done by NPS.
09-13-2021 05:09 PM
09-13-2021 05:14 PM
@eizens_putnins Thanks for your response and we will go for the certificate based as the office has been using the traditional password setup for quite some time now and our InfoSec has been on the watch on this matter. I agree that chunk of work will be on the MS side which will fall on our System Admins team as we are separate from them and they are already aware on what is needed on their end and what will be done on our end as well and we will be looking into implementing this within the next couple of weeks or months to say the least.
09-14-2021 05:33 AM
@paul_andrew_ramos glad to help you!